SlideShare una empresa de Scribd logo

apidays LIVE London 2021 - Authorization is on the rise. by Damian Schenkelman, Auth0

apidays
apidays

apidays LIVE London 2021 - Reaching Maximum Potential in Banking & Insurance with API Mindset October 27 & 28, 2021 API Security Authorization is on the rise. What if there was an API for it? Damian Schenkelman, Principal Engineer at Auth0

Tecnología
1 de 65
Descargar para leer sin conexión
Authorization is on the rise. What if there was an API for it? @dschenkelman
Building software in 2021…
Security
Privacy
New York JULY Australia SEPTEMBER Singapore APRIL Helsinki & North MARCH Paris DECEMBER London OCTOBER Jakarta FEBRUARY Hong Kong AUGUST JUNE India MAY Check out our API Conferences here 50+ events since 2012, 14 countries, 2,000+ speakers, 50,000+ attendees, 300k+ online community Want to talk at one of our conferences? Apply to speak here
Compliance
Table Stakes https://medium.com/pm-insights/how-to-pick-winning-product- features-7b03abcf7d12
Collaboration
Sharing
Partnerships
Differentiator https://medium.com/pm-insights/how-to-pick-winning-product- features-7b03abcf7d12
Authorization
NOT Authentication
Authorization
OWASP TOP 1 https://owasp.org/Top10/ Broken Access Control
In the beginning… RBAC DELETE /customers/{id} const user = await db.users.get(cookie.userId); if (user.role === "admin")) { // delete customer // return 204 } else { // return 403 } select role from users where userId == {uid};
In the beginning… RBAC DELETE /customers/{id} const user = await db.users.get(cookie.userId); if (user.role === "admin")) { // delete customer // return 204 } else { // return 403 } select role from users where userId == {uid};
In the beginning… RBAC DELETE /customers/{id} const user = await db.users.get(cookie.userId); if (user.role === "admin")) { // delete customer // return 204 } else { // return 403 } select role from users where userId == {uid};
In the beginning… RBAC DELETE /customers/{id} const user = await db.users.get(cookie.userId); if (user.role === "admin")) { // delete customer // return 204 } else { // return 403 } select role from users where userId == {uid};
In the beginning… RBAC DELETE /customers/{id} const user = await db.users.get(cookie.userId); if (user.role === "admin")) { // delete customer // return 204 } else { // return 403 } select role from users where userId == {uid};
Finer Grained Authorization
I want to use attributes from subject and object… ABAC DELETE /customers/{id} const user = await db.users.get(cookie.userId); const customer = await db.customers.get(req.path.id); if (user.department === "IT" && !customer.subscribed)) { // delete customer // return 204 } else { // return 403 } select department from users where id == {uid}; select subscribed from customers where id == {cid};
I want to use attributes from subject and object… ABAC DELETE /customers/{id} const user = await db.users.get(cookie.userId); const customer = await db.customers.get(req.path.id); if (user.department === "IT" && !customer.subscribed)) { // delete customer // return 204 } else { // return 403 } select department from users where id == {uid}; select subscribed from customers where id == {cid};
I want to use attributes from subject and object… ABAC DELETE /customers/{id} const user = await db.users.get(cookie.userId); const customer = await db.customers.get(req.path.id); if (user.department === "IT" && !customer.subscribed)) { // delete customer // return 204 } else { // return 403 } select department from users where id == {uid}; select subscribed from customers where id == {cid};
I want to use attributes from subject and object… ABAC DELETE /customers/{id} const user = await db.users.get(cookie.userId); const customer = await db.customers.get(req.path.id); if (user.department === "IT" && !customer.subscribed)) { // delete customer // return 204 } else { // return 403 } select department from users where id == {uid}; select subscribed from customers where id == {cid};
I want to use attributes from subject and object… ABAC DELETE /customers/{id} const user = await db.users.get(cookie.userId); const customer = await db.customers.get(req.path.id); if (user.department === "IT" && !customer.subscribed)) { // delete customer // return 204 } else { // return 403 } select department from users where id == {uid}; select subscribed from customers where id == {cid};
I want to use attributes from subject and object… ABAC DELETE /customers/{id} const user = await db.users.get(cookie.userId); const customer = await db.customers.get(req.path.id); if (user.department === "IT" && !customer.subscribed)) { // delete customer // return 204 } else { // return 403 } select department from users where id == {uid}; select subscribed from customers where id == {cid};
I want to know who did what… DELETE /customers/{id} // log: cookie.userId requesting authz to delete customer const user = await db.users.get(cookie.userId); const customer = await db.customers.get(req.path.id); if (user.department === "IT" && customer.unsubscribed)) { // log: cookie.userId authorized to delete customer // delete customer // return 204 } else { // log: cookie.userId unauthorized to delete customer // return 403 } select department from users where id == {uid}; select unsubscribed from customers where id == {cid};
I want to know who did what… DELETE /customers/{id} // log: cookie.userId requesting authz to delete customer const user = await db.users.get(cookie.userId); const customer = await db.customers.get(req.path.id); if (user.department === "IT" && customer.unsubscribed)) { // log: cookie.userId authorized to delete customer // delete customer // return 204 } else { // log: cookie.userId unauthorized to delete customer // return 403 } select department from users where id == {uid}; select unsubscribed from customers where id == {cid};
I want to know who did what… DELETE /customers/{id} // log: cookie.userId requesting authz to delete customer const user = await db.users.get(cookie.userId); const customer = await db.customers.get(req.path.id); if (user.department === "IT" && customer.unsubscribed)) { // log: cookie.userId authorized to delete customer // delete customer // return 204 } else { // log: cookie.userId unauthorized to delete customer // return 403 } select department from users where id == {uid}; select unsubscribed from customers where id == {cid};
I want it to be reliable and fast… DELETE /customers/{id} // log: cookie.userId requesting authz to delete customer const user = await db.users.get(cookie.userId); const customer = await db.customers.get(req.path.id); if (user.department === "IT" && customer.unsubscribed)) { // log: cookie.userId authorized to delete customer // delete customer // return 204 } else { // log: cookie.userId unauthorized to delete customer // return 403 } select department from users where id == {uid}; select unsubscribed from customers where id == {cid};
Access Review? Who can access what?
Approval? Change Management
Auditing? What happened?
Reliability?
Latency?
Developer APIs
Approach #1: Policies
Mental Picture public enum Decision { Allow, Deny, … } public Decision {policy_name} (subject, permission, object, context) { // rules… }
Example Architecture 3. get user and customer data 2. can user delete customer? 1. can user delete customer? Manage Policies PAP Policy Decision Point Policy Information Point 6. delete customer 5. user is authorized Policy Repository Customer Service 4. evaluate policy
Advantages • Easier to understand what authorization logic applies • Authorization change management is simpler than having it in code • Auditing is implemented outside of business logic
Disadvantages • Requires operating more components
Disadvantages • Requires operating more components • Does not handle storage of authz data • 👉 latency + reliability + scale • 👉 collaboration scenarios •
Approach #2: "Zanzibar"
Zanzibar Not this one…
Google Zanzibar https://research.google/pubs/pub48190/
ReBAC
Multi-region
Sweet spot Policies (AuthZ needs) DBaaS (handles data) Zanzibar "as a Service”
Industry
Alternatives (disclaimer: I work on Project "Sandcastle") Project "Sandcastle"
DEMO
Architecture Sandcastle in "PDP Mode" 2. check(user, delete, customer) 1. can user delete customer? Customer Service PDP Sandcastle 4. delete customer 3. user is authorized nginx
Enforcement
Advantages • Auditing is part of "aaS" • Authorization change management is simpler than having it in code • Easier to understand what authorization logic applies • Multi-region and operated by someone else
Disadvantages • Many things are a relationship, but not everything (e.g. time of day)
Approach #3: Combined
Architecture Sandcastle in "PIP Mode" 4. check(user, delete, customer) 2. can user delete customer? 1. can user delete customer? Manage Policies Distribute Policies PAP PDP PIP Sandcastle 6. delete customer 5. user is authorized Policy Repository 3. evaluate policy
Final Thoughts
AuthZ APIs Resources • Google Zanzibar: https://research.google/pubs/pub48190/ • Zanzibar Academy: https://zanzibar.academy • Himeji (Zanzibar @ Airbnb): https://medium.com/airbnb-engineering/himeji-a-scalable- centralized-system-for-authorization-at-airbnb-341664924574 • AuthZ (Zanzibar @ Carta): https://medium.com/building-carta/authz-cartas-highly- scalable-permissions-system-782a7f2c840f • Facebook TAO: https://www.usenix.org/system/ fi les/conference/atc13/atc13-bronson.pdf • Authzed: https://authzed.com/ • Ory Keto: https://www.ory.sh/keto/docs/
@auth0lab Resources • Sandcastle playground: https://learn.sandcastle.cloud/ • Auth0 Lab discord: https://t.co/ybHn8hEOBl?amp=1 • Authorization in Software Podcast: https:// authorizationinsoftware.auth0.com/ • @auth0lab: https://twitter.com/auth0lab
Policy Resources • OPA: https://www.openpolicyagent.org/ • Styra: https://www.styra.com/ • OSOHQ: https://docs.osohq.com/ • XACML: http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html • NIST ABAC: https://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.sp.800-162.pdf • RBAC: https://csrc.nist.gov/CSRC/media/Publications/conference-paper/1992/10/13/ role-based-access-controls/documents/ferraiolo-kuhn-92.pdf
Thanks! @dschenkelman @auth0lab
Questions?
New York JULY Australia SEPTEMBER Singapore APRIL Helsinki & North MARCH Paris DECEMBER London OCTOBER Jakarta FEBRUARY Hong Kong AUGUST JUNE India MAY Check out our API Conferences here 50+ events since 2012, 14 countries, 2,000+ speakers, 50,000+ attendees, 300k+ online community Want to talk at one of our conferences? Apply to speak here

Recomendados

apidays LIVE London 2021 - AI for Insurance, Expert.ai
apidays LIVE London 2021 - AI for Insurance, Expert.aiapidays LIVE London 2021 - AI for Insurance, Expert.ai
apidays LIVE London 2021 - AI for Insurance, Expert.ai
apidays
 
apidays LIVE Jakarta - Serverless powered Low Code by Alex-Adrien Auger, Sipios
apidays LIVE Jakarta - Serverless powered Low Code by Alex-Adrien Auger, Sipiosapidays LIVE Jakarta - Serverless powered Low Code by Alex-Adrien Auger, Sipios
apidays LIVE Jakarta - Serverless powered Low Code by Alex-Adrien Auger, Sipios
apidays
 
apidays LIVE Australia 2021 - Overcoming the 3 Largest Obstacles to Digital T...
apidays LIVE Australia 2021 - Overcoming the 3 Largest Obstacles to Digital T...apidays LIVE Australia 2021 - Overcoming the 3 Largest Obstacles to Digital T...
apidays LIVE Australia 2021 - Overcoming the 3 Largest Obstacles to Digital T...
apidays
 
apidays LIVE JAKARTA - APIs as Products in payments, telecommunications and D...
apidays LIVE JAKARTA - APIs as Products in payments, telecommunications and D...apidays LIVE JAKARTA - APIs as Products in payments, telecommunications and D...
apidays LIVE JAKARTA - APIs as Products in payments, telecommunications and D...
apidays
 
apidays LIVE London 2021 - Getting started with Event-Driven APIs by Hugo Gue...
apidays LIVE London 2021 - Getting started with Event-Driven APIs by Hugo Gue...apidays LIVE London 2021 - Getting started with Event-Driven APIs by Hugo Gue...
apidays LIVE London 2021 - Getting started with Event-Driven APIs by Hugo Gue...
apidays
 
apidays LIVE India - Asynchronous and Broadcasting APIs using Kafka by Rohit ...
apidays LIVE India - Asynchronous and Broadcasting APIs using Kafka by Rohit ...apidays LIVE India - Asynchronous and Broadcasting APIs using Kafka by Rohit ...
apidays LIVE India - Asynchronous and Broadcasting APIs using Kafka by Rohit ...
apidays
 
apidays LIVE Jakarta - Building an Event-Driven Architecture by Harin Honesty...
apidays LIVE Jakarta - Building an Event-Driven Architecture by Harin Honesty...apidays LIVE Jakarta - Building an Event-Driven Architecture by Harin Honesty...
apidays LIVE Jakarta - Building an Event-Driven Architecture by Harin Honesty...
apidays
 
apidays LIVE Paris 2021 - Event driven design and serverless by Omid Eidivand...
apidays LIVE Paris 2021 - Event driven design and serverless by Omid Eidivand...apidays LIVE Paris 2021 - Event driven design and serverless by Omid Eidivand...
apidays LIVE Paris 2021 - Event driven design and serverless by Omid Eidivand...
apidays
 

Recomendados

apidays LIVE London 2021 - AI for Insurance, Expert.ai
apidays LIVE London 2021 - AI for Insurance, Expert.aiapidays LIVE London 2021 - AI for Insurance, Expert.ai
apidays LIVE London 2021 - AI for Insurance, Expert.ai
apidays
 
apidays LIVE Jakarta - Serverless powered Low Code by Alex-Adrien Auger, Sipios
apidays LIVE Jakarta - Serverless powered Low Code by Alex-Adrien Auger, Sipiosapidays LIVE Jakarta - Serverless powered Low Code by Alex-Adrien Auger, Sipios
apidays LIVE Jakarta - Serverless powered Low Code by Alex-Adrien Auger, Sipios
apidays
 
apidays LIVE Australia 2021 - Overcoming the 3 Largest Obstacles to Digital T...
apidays LIVE Australia 2021 - Overcoming the 3 Largest Obstacles to Digital T...apidays LIVE Australia 2021 - Overcoming the 3 Largest Obstacles to Digital T...
apidays LIVE Australia 2021 - Overcoming the 3 Largest Obstacles to Digital T...
apidays
 
apidays LIVE JAKARTA - APIs as Products in payments, telecommunications and D...
apidays LIVE JAKARTA - APIs as Products in payments, telecommunications and D...apidays LIVE JAKARTA - APIs as Products in payments, telecommunications and D...
apidays LIVE JAKARTA - APIs as Products in payments, telecommunications and D...
apidays
 
apidays LIVE London 2021 - Getting started with Event-Driven APIs by Hugo Gue...
apidays LIVE London 2021 - Getting started with Event-Driven APIs by Hugo Gue...apidays LIVE London 2021 - Getting started with Event-Driven APIs by Hugo Gue...
apidays LIVE London 2021 - Getting started with Event-Driven APIs by Hugo Gue...
apidays
 
apidays LIVE India - Asynchronous and Broadcasting APIs using Kafka by Rohit ...
apidays LIVE India - Asynchronous and Broadcasting APIs using Kafka by Rohit ...apidays LIVE India - Asynchronous and Broadcasting APIs using Kafka by Rohit ...
apidays LIVE India - Asynchronous and Broadcasting APIs using Kafka by Rohit ...
apidays
 
apidays LIVE Jakarta - Building an Event-Driven Architecture by Harin Honesty...
apidays LIVE Jakarta - Building an Event-Driven Architecture by Harin Honesty...apidays LIVE Jakarta - Building an Event-Driven Architecture by Harin Honesty...
apidays LIVE Jakarta - Building an Event-Driven Architecture by Harin Honesty...
apidays
 
apidays LIVE Paris 2021 - Event driven design and serverless by Omid Eidivand...
apidays LIVE Paris 2021 - Event driven design and serverless by Omid Eidivand...apidays LIVE Paris 2021 - Event driven design and serverless by Omid Eidivand...
apidays LIVE Paris 2021 - Event driven design and serverless by Omid Eidivand...
apidays
 
apidays LIVE India - Digital Trust Infrastructure - Key to digital transforma...
apidays LIVE India - Digital Trust Infrastructure - Key to digital transforma...apidays LIVE India - Digital Trust Infrastructure - Key to digital transforma...
apidays LIVE India - Digital Trust Infrastructure - Key to digital transforma...
apidays
 
apidays LIVE Jakarta - E5 ways to make your integration more resilient by Je...
apidays LIVE Jakarta - E5 ways to make your integration more resilient by Je...apidays LIVE Jakarta - E5 ways to make your integration more resilient by Je...
apidays LIVE Jakarta - E5 ways to make your integration more resilient by Je...
apidays
 
Palsoft company information
Palsoft company informationPalsoft company information
Palsoft company information
Kamal Patel
 
Connected Energy - An API Journey
Connected Energy - An API JourneyConnected Energy - An API Journey
Connected Energy - An API Journey
Nordic APIs
 
Gravitee API Management - Ahmet AYDIN
Gravitee API Management - Ahmet AYDIN Gravitee API Management - Ahmet AYDIN
Gravitee API Management - Ahmet AYDIN
kloia
 
APIdays Paris 2019 : Financial-grade API (FAPI) Security Profile
APIdays Paris 2019 : Financial-grade API (FAPI) Security ProfileAPIdays Paris 2019 : Financial-grade API (FAPI) Security Profile
APIdays Paris 2019 : Financial-grade API (FAPI) Security Profile
Hitachi, Ltd. OSS Solution Center.
 
Cloud Native Application Integration With APIs
Cloud Native Application Integration With APIsCloud Native Application Integration With APIs
Cloud Native Application Integration With APIs
Nirmal Fernando
 
API strategy with IBM API connect
API strategy with IBM API connectAPI strategy with IBM API connect
API strategy with IBM API connect
Kellton Tech Solutions Ltd
 
apidays LIVE New York 2021 - API as a product: who, what, where, when, why, a...
apidays LIVE New York 2021 - API as a product: who, what, where, when, why, a...apidays LIVE New York 2021 - API as a product: who, what, where, when, why, a...
apidays LIVE New York 2021 - API as a product: who, what, where, when, why, a...
apidays
 
apidays LIVE Hong Kong 2021 - Modernizing Monolith Applications with API Arch...
apidays LIVE Hong Kong 2021 - Modernizing Monolith Applications with API Arch...apidays LIVE Hong Kong 2021 - Modernizing Monolith Applications with API Arch...
apidays LIVE Hong Kong 2021 - Modernizing Monolith Applications with API Arch...
apidays
 
apidays LIVE Australia 2021 - Unlocking the Internet of Things with Telco API...
apidays LIVE Australia 2021 - Unlocking the Internet of Things with Telco API...apidays LIVE Australia 2021 - Unlocking the Internet of Things with Telco API...
apidays LIVE Australia 2021 - Unlocking the Internet of Things with Telco API...
apidays
 
[Kong summit 2019] Egress Gateway Pattern - Zhuojie Zhou
[Kong summit 2019] Egress Gateway Pattern - Zhuojie Zhou[Kong summit 2019] Egress Gateway Pattern - Zhuojie Zhou
[Kong summit 2019] Egress Gateway Pattern - Zhuojie Zhou
00zzj
 
API Maturity Model (Webcast with Accenture)
API Maturity Model (Webcast with Accenture)API Maturity Model (Webcast with Accenture)
API Maturity Model (Webcast with Accenture)
Apigee | Google Cloud
 
APIStrat 2016: Moving Toward a Modular Enterprise
APIStrat 2016: Moving Toward a Modular EnterpriseAPIStrat 2016: Moving Toward a Modular Enterprise
APIStrat 2016: Moving Toward a Modular Enterprise
LaunchAny
 
API Management Demystified
API Management DemystifiedAPI Management Demystified
API Management Demystified
Manmohan Gupta
 
Securely expose protected resources as ap is with app42 api gateway
Securely expose protected resources as ap is with app42 api gatewaySecurely expose protected resources as ap is with app42 api gateway
Securely expose protected resources as ap is with app42 api gateway
Zuaib
 
INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...
INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...
INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...
apidays
 
apidays LIVE Jakarta - API Gateway: critical component of your digital archit...
apidays LIVE Jakarta - API Gateway: critical component of your digital archit...apidays LIVE Jakarta - API Gateway: critical component of your digital archit...
apidays LIVE Jakarta - API Gateway: critical component of your digital archit...
apidays
 
Event mesh api meetup AsyncAPI Singapore
Event mesh api meetup AsyncAPI SingaporeEvent mesh api meetup AsyncAPI Singapore
Event mesh api meetup AsyncAPI Singapore
Phil Scanlon
 
Does your API need to be PCI Compliant?
Does your API need to be PCI Compliant?Does your API need to be PCI Compliant?
Does your API need to be PCI Compliant?
Apigee | Google Cloud
 
Cloud Modernization and Data as a Service Option
Cloud Modernization and Data as a Service OptionCloud Modernization and Data as a Service Option
Cloud Modernization and Data as a Service Option
Denodo
 
Red Hat Summit - OpenShift Identity Management and Compliance
Red Hat Summit - OpenShift Identity Management and ComplianceRed Hat Summit - OpenShift Identity Management and Compliance
Red Hat Summit - OpenShift Identity Management and Compliance
Marc Boorshtein
 

Más contenido relacionado

La actualidad más candente

Cloud Native Application Integration With APIs
Cloud Native Application Integration With APIsCloud Native Application Integration With APIs
Cloud Native Application Integration With APIs
Nirmal Fernando
 
API Maturity Model (Webcast with Accenture)
API Maturity Model (Webcast with Accenture)API Maturity Model (Webcast with Accenture)
API Maturity Model (Webcast with Accenture)
Apigee | Google Cloud
 

La actualidad más candente (20)

apidays LIVE India - Digital Trust Infrastructure - Key to digital transforma...
apidays LIVE India - Digital Trust Infrastructure - Key to digital transforma...apidays LIVE India - Digital Trust Infrastructure - Key to digital transforma...
apidays LIVE India - Digital Trust Infrastructure - Key to digital transforma...
 
apidays LIVE Jakarta - E5 ways to make your integration more resilient by Je...
apidays LIVE Jakarta - E5 ways to make your integration more resilient by Je...apidays LIVE Jakarta - E5 ways to make your integration more resilient by Je...
apidays LIVE Jakarta - E5 ways to make your integration more resilient by Je...
 
Palsoft company information
Palsoft company informationPalsoft company information
Palsoft company information
 
Connected Energy - An API Journey
Connected Energy - An API JourneyConnected Energy - An API Journey
Connected Energy - An API Journey
 
Gravitee API Management - Ahmet AYDIN
Gravitee API Management - Ahmet AYDIN Gravitee API Management - Ahmet AYDIN
Gravitee API Management - Ahmet AYDIN
 
APIdays Paris 2019 : Financial-grade API (FAPI) Security Profile
APIdays Paris 2019 : Financial-grade API (FAPI) Security ProfileAPIdays Paris 2019 : Financial-grade API (FAPI) Security Profile
APIdays Paris 2019 : Financial-grade API (FAPI) Security Profile
 
Cloud Native Application Integration With APIs
Cloud Native Application Integration With APIsCloud Native Application Integration With APIs
Cloud Native Application Integration With APIs
 
API strategy with IBM API connect
API strategy with IBM API connectAPI strategy with IBM API connect
API strategy with IBM API connect
 
apidays LIVE New York 2021 - API as a product: who, what, where, when, why, a...
apidays LIVE New York 2021 - API as a product: who, what, where, when, why, a...apidays LIVE New York 2021 - API as a product: who, what, where, when, why, a...
apidays LIVE New York 2021 - API as a product: who, what, where, when, why, a...
 
apidays LIVE Hong Kong 2021 - Modernizing Monolith Applications with API Arch...
apidays LIVE Hong Kong 2021 - Modernizing Monolith Applications with API Arch...apidays LIVE Hong Kong 2021 - Modernizing Monolith Applications with API Arch...
apidays LIVE Hong Kong 2021 - Modernizing Monolith Applications with API Arch...
 
apidays LIVE Australia 2021 - Unlocking the Internet of Things with Telco API...
apidays LIVE Australia 2021 - Unlocking the Internet of Things with Telco API...apidays LIVE Australia 2021 - Unlocking the Internet of Things with Telco API...
apidays LIVE Australia 2021 - Unlocking the Internet of Things with Telco API...
 
[Kong summit 2019] Egress Gateway Pattern - Zhuojie Zhou
[Kong summit 2019] Egress Gateway Pattern - Zhuojie Zhou[Kong summit 2019] Egress Gateway Pattern - Zhuojie Zhou
[Kong summit 2019] Egress Gateway Pattern - Zhuojie Zhou
 
API Maturity Model (Webcast with Accenture)
API Maturity Model (Webcast with Accenture)API Maturity Model (Webcast with Accenture)
API Maturity Model (Webcast with Accenture)
 
APIStrat 2016: Moving Toward a Modular Enterprise
APIStrat 2016: Moving Toward a Modular EnterpriseAPIStrat 2016: Moving Toward a Modular Enterprise
APIStrat 2016: Moving Toward a Modular Enterprise
 
API Management Demystified
API Management DemystifiedAPI Management Demystified
API Management Demystified
 
Securely expose protected resources as ap is with app42 api gateway
Securely expose protected resources as ap is with app42 api gatewaySecurely expose protected resources as ap is with app42 api gateway
Securely expose protected resources as ap is with app42 api gateway
 
INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...
INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...
INTERFACE, by apidays - How APIs are making innovation exponential by Shaile...
 
apidays LIVE Jakarta - API Gateway: critical component of your digital archit...
apidays LIVE Jakarta - API Gateway: critical component of your digital archit...apidays LIVE Jakarta - API Gateway: critical component of your digital archit...
apidays LIVE Jakarta - API Gateway: critical component of your digital archit...
 
Event mesh api meetup AsyncAPI Singapore
Event mesh api meetup AsyncAPI SingaporeEvent mesh api meetup AsyncAPI Singapore
Event mesh api meetup AsyncAPI Singapore
 
Does your API need to be PCI Compliant?
Does your API need to be PCI Compliant?Does your API need to be PCI Compliant?
Does your API need to be PCI Compliant?
 

Similar a apidays LIVE London 2021 - Authorization is on the rise. by Damian Schenkelman, Auth0

Cloud Modernization and Data as a Service Option
Cloud Modernization and Data as a Service OptionCloud Modernization and Data as a Service Option
Cloud Modernization and Data as a Service Option
Denodo
 
Pragmatic Approach to Microservices and Cell-based Architecture
Pragmatic Approach to Microservices and Cell-based Architecture Pragmatic Approach to Microservices and Cell-based Architecture
Pragmatic Approach to Microservices and Cell-based Architecture
Andrew Blades
 
Data Services and the Modern Data Ecosystem (ASEAN)
Data Services and the Modern Data Ecosystem (ASEAN)Data Services and the Modern Data Ecosystem (ASEAN)
Data Services and the Modern Data Ecosystem (ASEAN)
Denodo
 
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
Priyanka Aash
 
Sukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud ManagementSukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak
 
Oracle 11i OID AD Integration
Oracle 11i OID AD IntegrationOracle 11i OID AD Integration
Oracle 11i OID AD Integration
Mahesh Vallampati
 

Similar a apidays LIVE London 2021 - Authorization is on the rise. by Damian Schenkelman, Auth0 (20)

Cloud Modernization and Data as a Service Option
Cloud Modernization and Data as a Service OptionCloud Modernization and Data as a Service Option
Cloud Modernization and Data as a Service Option
 
Red Hat Summit - OpenShift Identity Management and Compliance
Red Hat Summit - OpenShift Identity Management and ComplianceRed Hat Summit - OpenShift Identity Management and Compliance
Red Hat Summit - OpenShift Identity Management and Compliance
 
Pragmatic Approach to Microservices and Cell-based Architecture
Pragmatic Approach to Microservices and Cell-based Architecture Pragmatic Approach to Microservices and Cell-based Architecture
Pragmatic Approach to Microservices and Cell-based Architecture
 
Data Services and the Modern Data Ecosystem (ASEAN)
Data Services and the Modern Data Ecosystem (ASEAN)Data Services and the Modern Data Ecosystem (ASEAN)
Data Services and the Modern Data Ecosystem (ASEAN)
 
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
 
Future of Your Atlassian Platform - Data Center and Cloud Migration
Future of Your Atlassian Platform - Data Center and Cloud MigrationFuture of Your Atlassian Platform - Data Center and Cloud Migration
Future of Your Atlassian Platform - Data Center and Cloud Migration
 
Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?Which Application Modernization Pattern Is Right For You?
Which Application Modernization Pattern Is Right For You?
 
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
APIsecure 2023 - Approaching Multicloud API Security USing Metacloud, David L...
 
Dev ops
Dev opsDev ops
Dev ops
 
Hitchhiker's Guide to Azure AD - SPS St Louis 2018
Hitchhiker's Guide to Azure AD - SPS St Louis 2018Hitchhiker's Guide to Azure AD - SPS St Louis 2018
Hitchhiker's Guide to Azure AD - SPS St Louis 2018
 
A Connector, A Container and an API Walk into a Bar… Microservices Edition
A Connector, A Container and an API Walk into a Bar… Microservices EditionA Connector, A Container and an API Walk into a Bar… Microservices Edition
A Connector, A Container and an API Walk into a Bar… Microservices Edition
 
A Connector, A Container and an API Walk into a Bar… Microservices Edition
A Connector, A Container and an API Walk into a Bar… Microservices EditionA Connector, A Container and an API Walk into a Bar… Microservices Edition
A Connector, A Container and an API Walk into a Bar… Microservices Edition
 
Sukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud ManagementSukumar Nayak-Agile-DevOps-Cloud Management
Sukumar Nayak-Agile-DevOps-Cloud Management
 
Oracle 11i OID AD Integration
Oracle 11i OID AD IntegrationOracle 11i OID AD Integration
Oracle 11i OID AD Integration
 
AppliFire Blue Print Design Guidelines
AppliFire Blue Print Design GuidelinesAppliFire Blue Print Design Guidelines
AppliFire Blue Print Design Guidelines
 
What is A Cloud Stack in 2017
What is A Cloud Stack in 2017What is A Cloud Stack in 2017
What is A Cloud Stack in 2017
 
DockerCon 16 General Session Day 2
DockerCon 16 General Session Day 2 DockerCon 16 General Session Day 2
DockerCon 16 General Session Day 2
 
apidays LIVE New York 2021 - Docs Driven API Development by Rahul Dighe, Paypal
apidays LIVE New York 2021 - Docs Driven API Development by Rahul Dighe, Paypalapidays LIVE New York 2021 - Docs Driven API Development by Rahul Dighe, Paypal
apidays LIVE New York 2021 - Docs Driven API Development by Rahul Dighe, Paypal
 
PCI: Building Compliant Applications in the Public Cloud - RightScale Compute...
PCI: Building Compliant Applications in the Public Cloud - RightScale Compute...PCI: Building Compliant Applications in the Public Cloud - RightScale Compute...
PCI: Building Compliant Applications in the Public Cloud - RightScale Compute...
 
Soa12c launch 1 overview cr
Soa12c launch 1 overview crSoa12c launch 1 overview cr
Soa12c launch 1 overview cr
 

Más de apidays

Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...
Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...
Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...
apidays
 

Más de apidays (20)

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, ...
Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, ...Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, ...
Apidays New York 2024 - The secrets to Graph success, by Leah Hurwich Adler, ...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, G...
Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, G...Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, G...
Apidays New York 2024 - API Discovery - From Crawl to Run by Rob Dickinson, G...
 
Apidays Singapore 2024 - Building with the Planet in Mind by Sandeep Joshi, M...
Apidays Singapore 2024 - Building with the Planet in Mind by Sandeep Joshi, M...Apidays Singapore 2024 - Building with the Planet in Mind by Sandeep Joshi, M...
Apidays Singapore 2024 - Building with the Planet in Mind by Sandeep Joshi, M...
 
Apidays Singapore 2024 - Connecting Cross Border Commerce with Payments by Gu...
Apidays Singapore 2024 - Connecting Cross Border Commerce with Payments by Gu...Apidays Singapore 2024 - Connecting Cross Border Commerce with Payments by Gu...
Apidays Singapore 2024 - Connecting Cross Border Commerce with Payments by Gu...
 
Apidays Singapore 2024 - Privacy Enhancing Technologies for AI by Mark Choo, ...
Apidays Singapore 2024 - Privacy Enhancing Technologies for AI by Mark Choo, ...Apidays Singapore 2024 - Privacy Enhancing Technologies for AI by Mark Choo, ...
Apidays Singapore 2024 - Privacy Enhancing Technologies for AI by Mark Choo, ...
 
Apidays Singapore 2024 - Blending AI and IoT for Smarter Health by Matthew Ch...
Apidays Singapore 2024 - Blending AI and IoT for Smarter Health by Matthew Ch...Apidays Singapore 2024 - Blending AI and IoT for Smarter Health by Matthew Ch...
Apidays Singapore 2024 - Blending AI and IoT for Smarter Health by Matthew Ch...
 
Apidays Singapore 2024 - OpenTelemetry for API Monitoring by Danielle Kayumbi...
Apidays Singapore 2024 - OpenTelemetry for API Monitoring by Danielle Kayumbi...Apidays Singapore 2024 - OpenTelemetry for API Monitoring by Danielle Kayumbi...
Apidays Singapore 2024 - OpenTelemetry for API Monitoring by Danielle Kayumbi...
 
Apidays Singapore 2024 - Connecting Product and Engineering Teams with Testin...
Apidays Singapore 2024 - Connecting Product and Engineering Teams with Testin...Apidays Singapore 2024 - Connecting Product and Engineering Teams with Testin...
Apidays Singapore 2024 - Connecting Product and Engineering Teams with Testin...
 
Apidays Singapore 2024 - The Growing Carbon Footprint of Digitalization and H...
Apidays Singapore 2024 - The Growing Carbon Footprint of Digitalization and H...Apidays Singapore 2024 - The Growing Carbon Footprint of Digitalization and H...
Apidays Singapore 2024 - The Growing Carbon Footprint of Digitalization and H...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...
Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...
Apidays Singapore 2024 - API Monitoring x SRE by Ryan Ashneil and Eugene Wong...
 
Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the ...
Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the ...Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the ...
Apidays Singapore 2024 - A nuanced approach on AI costs and benefits for the ...
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Apidays Singapore 2024 - How APIs drive business at BNP Paribas by Quy-Doan D...
Apidays Singapore 2024 - How APIs drive business at BNP Paribas by Quy-Doan D...Apidays Singapore 2024 - How APIs drive business at BNP Paribas by Quy-Doan D...
Apidays Singapore 2024 - How APIs drive business at BNP Paribas by Quy-Doan D...
 

Último

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 

Último (20)

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 

apidays LIVE London 2021 - Authorization is on the rise. by Damian Schenkelman, Auth0